WO2017201908A1 - Application program security management method and system - Google Patents


Info

Publication number: WO2017201908A1
Authority: WO (WIPO, PCT)
Prior art keywords: application, data, key, security, authentication
Application number: PCT/CN2016/097464
Other languages: French (fr), Chinese (zh)
Inventors: 钟焰涛, 傅文治, 蒋罗
Original assignee: 宇龙计算机通信科技(深圳)有限公司
Application filed by 宇龙计算机通信科技(深圳)有限公司
Publication of WO2017201908A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • The present invention relates to the field of communications technologies, and in particular to an application security management method and system.
  • SIM: Subscriber Identity Module.
  • eSIM: embedded SIM card.
  • Different from the current SIM card, which supports only one network operator's service, the eSIM card stores multiple network operator profiles and can support the mobile terminal in switching between different network operator services.
  • GSMA: Global System for Mobile Communications Alliance.
  • eUICC: embedded Universal Integrated Circuit Card.
  • An eUICC chip can download and install dozens of eSIM cards.
  • Key data of the user's key applications: for example, electronic wallet, bank certificate, etc.
  • An application security management method is applied to a mobile terminal, where the mobile terminal includes an eUICC device, and the eUICC device is provided with a security domain, and the method includes:
  • the key data generated when the key application is registered is stored in the security domain.
  • the key application includes an application for associating a bank card
  • the key data includes an encryption and decryption key, a signature key, and a password.
  • After the key data is stored in the security domain, the method further includes reporting the occupation notification of the security domain to the subscription manager secure routing (SM-SR).
  • The method further includes pre-storing data for authenticating the key application.
  • The method further includes uninstalling the key application: receiving authentication data input by the user; releasing the occupation of the key data in the security domain when the input authentication data is determined to match the pre-stored data for authenticating the key application; reporting a notification of application uninstallation of the security domain to the subscription manager secure routing; and completing the uninstallation of the key application.
  • The data for authenticating the key application comprises biometric data, behavioral feature data or password data of the user.
  • An application security management system is applied to a mobile terminal, where the mobile terminal includes an eUICC device, and the eUICC device is provided with a security domain, and the system includes:
  • a storage module configured to store key data generated when the key application is registered in the security domain.
  • the key application comprises an application associated with a bank card, the key data comprising an encryption and decryption key, a signature key, a password.
  • The system further comprises a reporting module configured to report the occupation notification of the security domain to the subscription manager secure routing.
  • The storage module is further configured to pre-store data for authenticating the key application.
  • The system further comprises:
  • a receiving module configured to receive authentication data input by a user;
  • a determining module configured to determine whether the authentication data input by the user matches the pre-stored data for authenticating the key application;
  • a releasing module configured to release the occupation of the key data in the security domain when the determining module determines that the authentication data input by the user matches the pre-stored data for authenticating the key application;
  • the reporting module is further configured to report the notification of application uninstallation of the security domain to the subscription manager secure routing; and
  • an uninstalling module configured to complete the uninstallation of the key application.
  • The data for authenticating the key application comprises biometric data, behavioral feature data or password data of the user.
  • the key data of the critical application can be stored in the security domain of the eUICC, and the key data is prevented from being leaked when multiple eSIM cards coexist, thereby improving security.
  • FIG. 1 is a schematic diagram of a hardware architecture of a preferred embodiment of a mobile terminal for executing an application security management system of the present invention.
  • FIG. 2 is a schematic flow chart of an application security management method according to a first embodiment of the present invention.
  • FIG. 3 is a schematic diagram of information flow of an application security management method according to a first embodiment of the present invention.
  • FIG. 4 is a schematic flow chart of an application security management method according to a second embodiment of the present invention.
  • FIG. 5 is a functional block diagram of the application security management system of the present invention.
  • Reference numerals in FIG. 1: mobile terminal 1; application security management system 10; storage device 20; processing device 30; display screen 40; eUICC device 50.
  • FIG. 1 shows the hardware architecture of a preferred embodiment of a mobile terminal 1 for executing the application security management system of the present invention.
  • The mobile terminal 1 includes, but is not limited to, an application security management system 10, a storage device 20, a processing device 30, a display device 40, and an embedded universal integrated circuit card (eUICC) device 50.
  • The mobile terminal 1 may be a mobile terminal capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction set, and its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit, a programmable gate array, digital processors, embedded devices, etc.
  • the mobile terminal 1 may comprise a user equipment.
  • the user equipment includes, but is not limited to, any electronic product that can interact with a user through a keyboard, a mouse, a remote controller, a touch pad, or a voice control device, such as a personal computer, a tablet computer, a smart phone, and a personal digital device.
  • the network where the user equipment is located includes, but is not limited to, the Internet, a wide area network, Metropolitan area network, local area network, virtual private network (VPN), etc.
  • VPN virtual private network
  • The application security management system 10 is configured to store the key data of the critical application in a security domain of the eUICC when the user downloads the critical application, and to read the key data from the eUICC security domain when running and/or uninstalling the critical application.
  • The related operations can be performed only after the key data has been read from the security domain and the user-defined authentication has succeeded, thus improving the security of critical applications.
  • the critical application is an application that requires high security protection, including, but not limited to, any application associated with a bank card, such as an electronic wallet, mobile banking, and other payment software.
  • Key data for critical applications includes, but is not limited to, encryption and decryption keys, signing keys, and passwords.
  • the storage device 20 is configured to store program codes of respective program segments in the application security management system 10.
  • the storage device 20 can be a storage device such as a smart media card, a secure digital card, or a flash card.
  • the storage device 10 stores user-defined authentication authentication data, for example, biometric data and/or behavior characteristic data of the user.
  • the biometric data includes fingerprint data, face data, hand data, iris data, retina data, pulse data, or auricle data.
  • the behavior characteristic data includes handwriting, sound, key strength, and the like.
  • the user-defined authentication authentication data stored by the storage device 10 further includes a verification password set by the user, and the password may be a number, a letter, a symbol, or the like, or a combination of numbers, letters, symbols, and the like.
  • the processing device 30 can be comprised of one or more microprocessors, digital processors.
  • the processing device 30 is communicatively coupled to the application security management system 10, the storage device 20, the display device 40, and the eUICC device 50.
  • the communication can occur over a serial peripheral interface bus or some other communication path and protocol.
  • some or all of the communication data may also be encrypted by a private key, which may be a dynamic random key string code.
  • the display device 40 includes, but is not limited to, a display device having a touch function such as a touch display screen.
  • The eUICC device 50 is an embedded Universal Integrated Circuit Card (eUICC) for remotely managing the personal management services of a plurality of mobile network operators (MNOs), and conforms to the specifications of the Global System for Mobile Communications Alliance (GSMA).
  • GSMA: Global System for Mobile Communications Alliance.
  • FIG. 2 is a flowchart of an application security management method according to a first embodiment of the present invention. The order of the steps in the flowchart may be changed for different requirements, and some steps may be omitted.
  • Step 210: download the key application.
  • The critical application may be downloaded through the application security management system 10, or by logging in to an application store through the mobile terminal 1.
  • the key application refers to an application that requires high security protection, such as an application that associates a bank card, such as payment software, banking software, and the like.
  • Step 212 Store key data generated when the key application is registered in a security domain of the eUICC device 50.
  • the key data of the key application includes, but is not limited to, an encryption and decryption key, a signature key, and a password.
  • the eUICC device 50 can download multiple eSIM cards, and different eSIM cards can use different mobile network operators.
  • Each eSIM card stores information such as user identity, user authentication parameters (eg, encryption and decryption keys, etc.) and algorithms, user's phone book and short message data, and customized parameters of the mobile network operator.
  • the eUICC device 50 has a plurality of unassigned security domains in the storage space, and each of the unassigned security domains may be subsequently assigned to the eSIM card.
  • Each unassigned security domain in the eUICC device 50 has a permanent and unique identifier ID.
  • the security domain is used for secure storage of security values such as cryptographic keys, critical data for critical applications.
  • The storage space of the eUICC device 50 may be preset with a security domain; the preset security domain may be allocated to a newly downloaded eSIM card, or may be used only for storing security values without being assigned to a newly downloaded eSIM card.
  • the security domain may also provide access to security information through one or more standardized protocols as known to those skilled in the art.
  • Step 214 Report the occupation notification of the security domain to the subscription manager security route.
  • the application security management system 10 reports the occupation notification of the security domain to the subscription manager through the network.
  • the Subscription Manager Secure Routing (SM-SR) is mainly responsible for secure routing and transmission of eUICC remote profile data.
  • the specific process of the application security management system 10 reporting the occupation notification of the security domain to the SM-SR is shown in FIG. 3 and the corresponding description.
  • The application security management method may further include: the application security management system 10 pre-stores data for authenticating the critical application.
  • the application security management system 10 receives data of one or more authentication critical applications preset by the user and stores data of the authentication critical application.
  • the data of the authentication critical application may be biometric data of the user, and the biometric data of the user includes fingerprint data, face data, hand data, iris data, retina data, pulse data or auricle data.
  • the data of the authentication critical application may also be behavior characteristic data of the user, and the behavior characteristic data of the user includes handwriting, sound, key strength, and the like.
  • the data of the authentication critical application may also be password data, and the password may be a number, a letter, a symbol, or the like or a combination of numbers, letters, symbols, and the like.
  • the data of the authentication critical application may also be a combination of two or all of the user's biometric data, behavioral feature data, and password data.
  • the application security management system 10 reports the information flow of the occupation information of the security domain to the SM-SR.
  • the order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted.
  • S310 The mobile terminal 1 sends an application installation occupation notice of the security domain to the mobile network operator MNO.
  • the application security management system 10 of the mobile terminal 1 sends an application installation occupation notification of the security domain to the mobile network operator MNO through the network.
  • the application installation occupation notification of the security domain carries an identifier of the security domain, an identifier of the eUICC, and remaining space information of the security domain.
  • S312 MNO and SM-SR mutually authenticate.
  • the MNO and the SM-SR first perform mutual authentication: the MNO confirms that the SM-SR is legal and reliable, and the SM-SR also confirms that the identity information announced by the MNO is authentic. After the two-way authentication succeeds, the MNO and SM-SR establish a secure IP connection (to prevent remote configuration information from leaking).
  • S314 The MNO sends an application installation occupation notification of the security domain to the SM-SR.
  • S316 The SM-SR records the occupation information of the security domain in a database.
  • the invention stores the key data of the key application in a secure domain of the eUICC, and can effectively improve the security of the key data when a plurality of eSIM cards coexist.
  • When running the critical application, it is necessary to read the key data stored in the eUICC. In other embodiments, it is also required to determine whether the data input by the user matches the pre-stored data for authenticating the critical application, and the critical application can be run only when the data input by the user is determined to match that pre-stored authentication data.
  • When uninstalling the critical application, the application uninstallation of the security domain needs to be reported to the SM-SR so that the SM-SR can manage the eUICC.
  • FIG. 4 is a flowchart of an application security management method according to a second embodiment of the present invention. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted.
  • Step 410 Receive authentication data input by a user.
  • The application security management system 10 may receive fingerprint data and hand shape data input by the user by touching the display device 40, key-press strength data input by the user by pressing the display device 40, handwriting data input by the user by writing characters on the display device 40, or input password data or the like.
  • The mobile terminal 1 further includes a voice device, and the application security management system 10 can receive sound data input by the user through the voice device.
  • The mobile terminal 1 further includes an image collection device, and the application security management system 10 can receive facial data, iris data, retina data, and auricle data input by the user through the image collection device.
  • Step 412: determine whether the authentication data input by the user matches the pre-stored authentication data of the key application.
  • If the authentication data input by the user matches the pre-stored authentication data of the key application, step 414 is performed.
  • Otherwise, step 413 is performed.
  • Step 413: the uninstallation of the key application is exited.
  • Step 413 may further include the application security management system 10 displaying a prompt of user authentication failure on the display device 40, or outputting unsuccessful voice information through the voice device.
  • Step 414: release the occupation of the key data in the security domain.
  • The application security management system 10 deletes the key data in the security domain to release the occupation of the key data in the security domain.
  • Step 416 Report the application uninstallation of the security domain to the SM-SR.
  • the application security management system 10 reports the application uninstallation of the security domain to the SM-SR through the network.
  • the application security management system 10 reports the application uninstallation of the security domain to the SM-SR.
  • The specific process by which the application security management system 10 reports this notification is the same as that for reporting the occupation notification of the security domain to the subscription manager secure routing, and is not described again here.
  • Step 418 completing the uninstallation of the key application.
  • the application security management system 10 includes a downloading module 500, a storage module 501, a reporting module 502, a receiving module 503, a determining module 504, an exiting module 505, a releasing module 506, an uninstalling module 507, and a prompting module 508.
  • a module referred to in the present invention refers to a series of computer program segments that can be executed by processing device 30 and that are capable of performing fixed functions, which are stored in storage device 20. In the present embodiment, the functions of the respective modules will be described in detail in the subsequent embodiments.
  • the download module 500 is configured to download a critical application.
  • the download module 500 can log in to the application mall through the mobile terminal 1 to download a key application.
  • the key application refers to an application that requires high security protection, such as an application that associates a bank card, such as payment software, banking software, and the like.
  • the storage module 501 is configured to store key data generated when the key application is registered in a security domain of the eUICC device 50.
  • the key data of the key application includes, but is not limited to, an encryption and decryption key, a signature key, and a password.
  • the eUICC device 50 can download multiple eSIM cards, and different eSIM cards can use different mobile network operators.
  • Each eSIM card stores information such as a user identity, user authentication parameters (encryption and decryption key, etc.) and algorithms, the user's phone book and short message data, and customized parameters of the mobile network operator.
  • the eUICC device 50 has a plurality of unassigned security domains in the storage space, and each of the unassigned security domains may be subsequently assigned to the eSIM card.
  • Each unassigned security domain in the eUICC device 50 has a permanent and unique identifier ID.
  • the security domain is used for secure storage of security values such as cryptographic keys, critical data for critical applications.
  • The storage space of the eUICC device 50 may be preset with a security domain; the preset security domain may be allocated to a newly downloaded eSIM card, or may be used only for storing security values without being assigned to a newly downloaded eSIM card.
  • the security domain may also provide access to security information through one or more standardized protocols as known to those skilled in the art.
  • the reporting module 502 is configured to report the occupation notification of the security domain to the subscription manager.
  • the reporting module 502 reports the occupation notification of the security domain to the subscription manager through the network.
  • the Subscription Manager Secure Routing (SM-SR) is mainly responsible for secure routing and transmission of eUICC remote profile data.
  • the specific process of the application security management system 10 reporting the occupation notification of the security domain to the SM-SR is shown in FIG. 3 and the corresponding description.
  • the storage module 501 is further configured to pre-store data of the authentication critical application.
  • the storage module 501 receives data of one or more authentication critical applications preset by the user and stores the data.
  • the data of the authentication critical application may be biometric data of the user, and the biometric data of the user includes fingerprint data, face data, hand data, iris data, retina data, pulse data or auricle data.
  • the data of the authentication critical application may also be behavior characteristic data of the user, and the behavior characteristic data of the user includes handwriting, sound, key strength, and the like.
  • the data of the authentication critical application may also be password data, and the password may be a number, a letter, a symbol, or the like or a combination of numbers, letters, symbols, and the like.
  • the data of the authentication critical application may also be a combination of two or all of the user's biometric data, behavioral feature data, and password data.
  • the invention stores the key data of the key application in a secure domain of the eUICC, and can effectively improve the security of the key data when a plurality of eSIM cards coexist.
  • When running the critical application, it is necessary to read the key data stored in the eUICC. In other embodiments, it is also required to determine whether the data input by the user matches the pre-stored data for authenticating the critical application, and the critical application can be run only when the data input by the user is determined to match that pre-stored authentication data.
  • When uninstalling the critical application, the application uninstallation notification of the security domain needs to be reported to the SM-SR so that the SM-SR can manage the eUICC.
  • the receiving module 503 is configured to receive authentication data input by a user.
  • The receiving module 503 can receive fingerprint data and hand shape data input by the user by touching the display device 40, key-press strength data input by the user by pressing the display device 40, handwriting data input by the user by writing characters on the display device 40, or input password data or the like.
  • The mobile terminal 1 further includes a voice device, and the receiving module 503 can receive sound data input by the user through the voice device.
  • the mobile terminal 1 further includes an image acquisition device, and the receiving module 503 can receive facial data, iris data, retina data, and auricle data input by the user through the image acquisition device.
  • the determining module 504 is configured to determine whether the authentication data input by the user matches the authentication data of the pre-stored key application.
  • the exiting module 505 is configured to exit the uninstallation of the critical application when the authentication data input by the user does not match the authentication data of the pre-stored critical application.
  • the release module 506 is configured to delete key data in the security domain to release the occupation of key data in the security domain.
  • the reporting module 502 is further configured to report the notification of application uninstallation of the security domain to the SM-SR.
  • the reporting module 502 reports the application uninstallation of the security domain to the SM-SR through the network.
  • the uninstalling module 507 is configured to complete the uninstallation of the critical application when the authentication data input by the user matches the authentication data of the pre-stored critical application.
  • the prompting module 508 is configured to prompt the user to fail the authentication on the display device 40, or output the unsuccessful voice information through the voice device.
  • modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional module in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software function modules.
  • the above-described integrated unit implemented in the form of a software function module can be stored in a computer readable storage medium.
  • The software function modules are stored in a storage medium and include several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform part of the steps of the methods of the various embodiments of the present invention.
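As an added illustration, not code from the patent or its assignee, the following Python models the flows of FIGs. 2 to 4 with constructed values: the terminal stores a key application's key data in a pre-set eUICC security domain, the occupation notice (security domain ID, eUICC ID, remaining space) goes to the MNO, which mutually authenticates with the SM-SR before the SM-SR records it, and uninstallation releases the domain only after the user's input matches the pre-stored authentication data. The HMAC challenge-response, the salted-hash authentication store, the domain size and all identifiers are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class EUICC:
    """eUICC device 50: pre-set security domains, each with a permanent unique ID."""
    def __init__(self, eid: str, sd_ids):
        self.eid = eid
        self.free = list(sd_ids)
        self.assigned = {}  # key application -> (sd_id, key_data dict)

    def store(self, app: str, key_data: dict) -> tuple:
        """Step 212: keep the key data of a newly registered key application in a domain."""
        sd_id = self.free.pop()
        self.assigned[app] = (sd_id, dict(key_data))
        # 4096-byte domain size is a constructed value; the patent gives none
        return sd_id, 4096 - sum(len(v) for v in key_data.values())

    def release(self, app: str) -> str:
        """Step 414: delete the key data so the domain is no longer occupied."""
        sd_id, key_data = self.assigned.pop(app)
        key_data.clear()
        self.free.append(sd_id)
        return sd_id


def _proof(secret: bytes, role: str, challenge: bytes) -> bytes:
    # Assumed HMAC challenge-response; the patent only says MNO and SM-SR mutually authenticate.
    return hmac.new(secret, role.encode() + challenge, hashlib.sha256).digest()


class SMSR:
    """Subscription Manager Secure Routing: keeps the occupation database (S316)."""
    def __init__(self, secret: bytes):
        self.secret, self.db = secret, []

    def respond(self, mno_challenge: bytes) -> tuple:
        # Prove own identity to the MNO and issue a challenge back.
        return _proof(self.secret, "sm-sr", mno_challenge), secrets.token_bytes(16)

    def record(self, own_challenge: bytes, mno_proof: bytes, notice: dict) -> None:
        if not hmac.compare_digest(mno_proof, _proof(self.secret, "mno", own_challenge)):
            raise PermissionError("MNO failed authentication")
        self.db.append(dict(notice))


class MNO:
    """Mobile network operator relaying the terminal's notices to the SM-SR (S314)."""
    def __init__(self, secret: bytes, smsr: SMSR):
        self.secret, self.smsr = secret, smsr

    def forward(self, notice: dict) -> None:
        c1 = secrets.token_bytes(16)  # S312: mutual authentication first
        smsr_proof, c2 = self.smsr.respond(c1)
        if not hmac.compare_digest(smsr_proof, _proof(self.secret, "sm-sr", c1)):
            raise PermissionError("SM-SR failed authentication")
        self.smsr.record(c2, _proof(self.secret, "mno", c2), notice)


class MobileTerminal:
    """Application security management system 10 on mobile terminal 1."""
    def __init__(self, euicc: EUICC, mno: MNO):
        self.euicc, self.mno, self.auth_store = euicc, mno, {}

    def enroll_auth(self, app: str, password: str) -> None:
        """Pre-store the user's authentication data as a salted hash, never in the clear."""
        salt = secrets.token_bytes(16)
        self.auth_store[app] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def install(self, app: str, key_data: dict) -> dict:
        sd_id, remaining = self.euicc.store(app, key_data)  # step 212
        notice = {"event": "install", "sd_id": sd_id,  # S310: domain ID, eUICC ID, free space
                  "eid": self.euicc.eid, "remaining": remaining}
        self.mno.forward(notice)  # step 214
        return notice

    def uninstall(self, app: str, password: str) -> bool:
        salt, stored = self.auth_store[app]  # steps 410-412: compare with pre-stored data
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return False  # step 413: exit the uninstall; the key data stays in place
        sd_id = self.euicc.release(app)  # step 414
        self.mno.forward({"event": "uninstall", "sd_id": sd_id, "eid": self.euicc.eid})  # 416
        return True  # step 418


def demo() -> dict:
    """One key application: install, a rejected uninstall, then an accepted one."""
    secret = b"constructed-shared-secret"
    smsr = SMSR(secret)
    euicc = EUICC("EID-CONSTRUCTED-0001", ["SD-01", "SD-02"])
    term = MobileTerminal(euicc, MNO(secret, smsr))
    term.enroll_auth("wallet", "correct horse")
    key_data = {"enc_key": b"\x01" * 16, "sign_key": b"\x02" * 32, "password": b"1234"}
    notice = term.install("wallet", key_data)
    rejected = term.uninstall("wallet", "wrong guess")
    kept = "wallet" in euicc.assigned  # failed authentication must not free the domain
    accepted = term.uninstall("wallet", "correct horse")
    return {"notice": notice, "rejected": rejected, "kept": kept, "accepted": accepted,
            "records": len(smsr.db), "free": sorted(euicc.free)}
```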

Abstract

An application program security management method, applicable to a mobile terminal. The mobile terminal comprises an eUICC device provided with a security domain. The method comprises: downloading a key application program; and storing key data generated during registration of the key application program in the security domain. The present invention further provides an application program security management system. By means of storing key data of a key application program in a security domain of an eUICC, leakage of the key data caused by coexistence of multiple eSIM cards is avoided, and thus security of the key data is improved.

Description

应用程序安全管理方法和系统Application security management method and system
本申请要求于2016年5月25日提交中国专利局,申请号为201610352945.9、发明名称为“应用程序安全管理方法和系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 201610352945.9, entitled "Application Security Management Method and System", filed on May 25, 2016, the entire contents of .
技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种应用程序安全管理方法和系统。The present invention relates to the field of communications technologies, and in particular, to an application security management method and system.
背景技术Background technique
随着移动通信网络的快速发展,已经出现有将用户识别模块(Subscriber Identity Module,SIM)在设备生产阶段集成到移动终端中,此种SIM卡被称为嵌入式SIM(embedded SIM)卡,即eSIM卡。与当前的SIM卡只支持一家网络运营商的服务不同的是,eSIM卡中存储有多个网络运营商的配置文件,可以支持移动终端在不同的网络运营商服务之间进行切换。With the rapid development of the mobile communication network, the Subscriber Identity Module (SIM) has been integrated into the mobile terminal during the device production phase. This SIM card is called an embedded SIM card. eSIM card. Different from the current SIM card supporting only one network operator's service, the eSIM card stores multiple network operator profiles, which can support the mobile terminal to switch between different network operator services.
目前全球移动通信系统联盟(Global System for Mobile Communications Alliance,GSMA)的eSIM主要是基于嵌入式通用集成电路卡(embedded Universal Integrated Circuit Card,eUICC)来实现。通常情况下一个eUICC芯片可以下载安装几十个eSIM卡,然而当多个eSIM卡共存时,用户的关键应用(例如,电子钱包、银行证书等)的关键数据可能会发生泄露。Currently, the eSIM of the Global System for Mobile Communications Alliance (GSMA) is mainly implemented based on an embedded Universal Integrated Circuit Card (eUICC). Usually, an eUICC chip can download and install dozens of eSIM cards. However, when multiple eSIM cards coexist, key data of the user's key applications (for example, electronic wallet, bank certificate, etc.) may leak.
发明内容Summary of the invention
鉴于以上内容,有必要提供一种应用程序安全管理方法和系统,能将关键应用程序的关键数据存储在eUICC的安全域中,避免多个eSIM卡共存时关键数据被泄露,提高了安全性。In view of the above, it is necessary to provide an application security management method and system, which can store key data of key applications in the security domain of eUICC, avoiding leakage of key data when multiple eSIM cards coexist, and improving security.
一种应用程序安全管理方法,应用于移动终端中,所述移动终端包括eUICC设备,所述eUICC设备中设有安全域,该方法包括:An application security management method is applied to a mobile terminal, where the mobile terminal includes an eUICC device, and the eUICC device is provided with a security domain, and the method includes:
下载关键应用程序;及Download key applications; and
将注册所述关键应用程序时产生的关键数据存储在所述安全域内。The key data generated when the key application is registered is stored in the security domain.
According to a preferred embodiment of the present invention, the key application includes an application associated with a bank card, and the key data includes an encryption and decryption key, a signature key, and a password.
According to a preferred embodiment of the present invention, after the key data is stored in the security domain, the method further includes:
reporting an occupation notification of the security domain to the Subscription Manager Secure Routing.
According to a preferred embodiment of the present invention, the method further includes:
pre-storing data for authenticating the key application.
According to a preferred embodiment of the present invention, the method further includes:
uninstalling the key application, which includes:
receiving authentication data input by the user;
when it is determined that the authentication data input by the user matches the pre-stored data for authenticating the key application, releasing the occupation of the key data in the security domain;
reporting a notification of application uninstallation from the security domain to the Subscription Manager Secure Routing; and
completing the uninstallation of the key application.
According to a preferred embodiment of the present invention, the data for authenticating the key application includes the user's biometric data, behavioral feature data, or password data.
An application security management system is applied to a mobile terminal, where the mobile terminal includes an eUICC device and the eUICC device is provided with a security domain. The system includes:
a download module, configured to download a key application; and
a storage module, configured to store the key data generated when the key application is registered in the security domain.
According to a preferred embodiment of the present invention, the key application includes an application associated with a bank card, and the key data includes an encryption and decryption key, a signature key, and a password.
According to a preferred embodiment of the present invention, the system further includes:
a reporting module, configured to report an occupation notification of the security domain to the Subscription Manager Secure Routing.
According to a preferred embodiment of the present invention, the storage module is further configured to:
pre-store data for authenticating the key application.
According to a preferred embodiment of the present invention, the system further includes:
a receiving module, configured to receive authentication data input by the user;
a determining module, configured to determine whether the authentication data input by the user matches the pre-stored data for authenticating the key application;
a release module, configured to release the occupation of the key data in the security domain when the determining module determines that the authentication data input by the user matches the pre-stored data for authenticating the key application;
the reporting module, further configured to report a notification of application uninstallation from the security domain to the Subscription Manager Secure Routing; and
an uninstall module, configured to complete the uninstallation of the key application.
According to a preferred embodiment of the present invention, the data for authenticating the key application includes the user's biometric data, behavioral feature data, or password data.
It can be seen from the above technical solution that the present invention can store the key data of key applications in a security domain of the eUICC, so that the key data is not leaked when multiple eSIM cards coexist, thereby improving security.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the hardware architecture of a preferred embodiment of a mobile terminal for executing an application security management system of the present invention.
FIG. 2 is a schematic flowchart of the application security management method according to the first embodiment of the present invention.
FIG. 3 is a schematic diagram of the information flow of the application security management method according to the first embodiment of the present invention.
FIG. 4 is a schematic flowchart of the application security management method according to the second embodiment of the present invention.
FIG. 5 is a functional block diagram of the application security management system of the present invention.
Description of the Main Component Symbols
Mobile terminal 1
Application security management system 10
Storage device 20
Processing device 30
Display device 40
eUICC device 50
Download module 500
Storage module 501
Reporting module 502
Receiving module 503
Determining module 504
Exit module 505
Release module 506
Uninstall module 507
Prompt module 508
Detailed Description
In order to make the objectives, technical solutions, and advantages of the present invention clearer, the present invention is described in detail below with reference to the drawings and specific embodiments.
FIG. 1 is a schematic diagram of the hardware architecture of a preferred embodiment of a mobile terminal for executing an application security management system of the present invention. As shown in the diagram, the mobile terminal 1 includes, but is not limited to, an application security management system 10, a storage device 20, a processing device 30, a display device 40, and an embedded Universal Integrated Circuit Card (eUICC) device 50.
The mobile terminal 1 may be any mobile terminal capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits, programmable gate arrays, digital processors, embedded devices, and the like. The mobile terminal 1 may include user equipment. The user equipment includes, but is not limited to, any electronic product that can interact with a user through a keyboard, mouse, remote control, touch pad, or voice-control device, for example a personal computer, tablet computer, smartphone, personal digital assistant (PDA), game console, Internet protocol television (IPTV), or smart wearable device. The network in which the user equipment is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, and a virtual private network (VPN).
The application security management system 10 is configured so that, when the user downloads a key application, the key data of that key application is stored in a security domain of the eUICC; running and/or uninstalling the key application requires reading the key data in the eUICC security domain and passing the user-defined authentication before the operation can be carried out, which improves the security of key applications. A key application is an application that requires a high level of security protection, including, but not limited to, any application associated with a bank card, for example an electronic wallet, mobile banking, and other payment software. The key data of a key application includes, but is not limited to, encryption and decryption keys, signature keys, and passwords.
The storage device 20 is configured to store the program code of the program segments of the application security management system 10. The storage device 20 may be a storage device such as a smart media card, a secure digital card, or a flash card. The storage device 20 stores the user-defined authentication data, for example the user's biometric data and/or behavioral feature data. The biometric data includes fingerprint data, face data, hand shape data, iris data, retina data, pulse data, or auricle data. The behavioral feature data includes handwriting, voice, key-press force, and the like. In other embodiments, the user-defined authentication data stored in the storage device 20 further includes a verification password set by the user; the password may be digits, letters, symbols, or a combination of digits, letters, and symbols.
The processing device 30 may consist of one or more microprocessors or digital processors. The processing device 30 is communicatively connected to the application security management system 10, the storage device 20, the display device 40, and the eUICC device 50. The communication may take place over a serial peripheral interface bus or some other communication path and protocol. In other embodiments, to ensure the security of the communication, some or all of the communicated data may also be encrypted with a private key, which may be a dynamic random key string.
The display device 40 includes, but is not limited to, a display device with touch capability, such as a touch screen.
The eUICC device 50 is an embedded Universal Integrated Circuit Card (eUICC), used for the remote management of the personal management services of multiple Mobile Network Operators (MNOs), and complies with the specifications of the Global System for Mobile Communications Alliance (GSMA).
FIG. 2 is a flowchart of the application security management method according to the first embodiment of the present invention. Depending on requirements, the order of the steps in this flowchart may be changed and some steps may be omitted.
Step 210: download a key application.
In some embodiments, the key application may be downloaded through the application security management system 10, or by logging in to an application store from the mobile terminal 1. A key application is an application that requires a high level of security protection; key applications include applications associated with a bank card, for example payment software and banking software.
Step 212: store the key data generated when the key application is registered in a security domain of the eUICC device 50.
The key data of the key application includes, but is not limited to, encryption and decryption keys, signature keys, and passwords.
The eUICC device 50 can download multiple eSIM cards, and different eSIM cards may use different mobile network operators. Each eSIM card stores information such as the user identity, user authentication parameters (for example, encryption and decryption keys) and algorithms, the user's phone book and short message data, and the mobile network operator's customized parameters.
In this embodiment, the storage space of the eUICC device 50 contains multiple unallocated security domains, each of which may subsequently be allocated to an eSIM card. Each unallocated security domain in the eUICC device 50 has a permanent and unique identifier (ID). The security domain is used for the secure storage of security values (such as cryptographic keys and the key data of key applications). In different embodiments, a security domain may be preset in the storage space of the eUICC device 50; the preset security domain may be allocated to a newly downloaded eSIM card, or may be used only to store security values without being allocated to a newly downloaded eSIM card. In other embodiments, the security domain may also provide access to the security information through one or more standardized protocols known to those skilled in the art.
Step 214: report an occupation notification of the security domain to the Subscription Manager Secure Routing.
In this embodiment, the application security management system 10 reports the occupation notification of the security domain to the Subscription Manager Secure Routing over the network.
The Subscription Manager Secure Routing (SM-SR) is mainly responsible for the secure routing and transmission of eUICC remote profile data. The specific process by which the application security management system 10 reports the occupation notification of the security domain to the SM-SR is shown in FIG. 3 and the corresponding description.
In other embodiments, the application security management method may further include: the application security management system 10 pre-stores data for authenticating the key application.
In this embodiment, the application security management system 10 receives one or more items of data for authenticating the key application that the user has set in advance, and stores them. The data for authenticating the key application may be the user's biometric data, which includes fingerprint data, face data, hand shape data, iris data, retina data, pulse data, or auricle data. It may also be the user's behavioral feature data, which includes handwriting, voice, key-press force, and the like. It may also be password data; the password may be digits, letters, symbols, or a combination of digits, letters, and symbols. In other embodiments, the data for authenticating the key application may also be a combination of two or all of the user's biometric data, behavioral feature data, and password data.
FIG. 3 shows the information flow by which the application security management system 10 reports the occupation information of the security domain to the SM-SR. Depending on requirements, the order of the steps may be changed and some steps may be omitted.
S310: the mobile terminal 1 sends an application installation occupation notification for the security domain to the mobile network operator (MNO).
In this embodiment, the application security management system 10 of the mobile terminal 1 sends the application installation occupation notification for the security domain to the MNO over the network. The notification carries the identifier of the security domain, the identifier of the eUICC, and the remaining space information of the security domain.
S312: the MNO and the SM-SR authenticate each other.
The MNO and the SM-SR first perform mutual authentication: the MNO confirms that the SM-SR is legitimate and trustworthy, and the SM-SR confirms that the identity information declared by the MNO is authentic. After mutual authentication succeeds, the MNO and the SM-SR establish a secure IP connection (to prevent remote configuration information from being leaked).
S314: the MNO sends the application installation occupation notification for the security domain to the SM-SR.
S316: the SM-SR records the occupation information of the security domain in its database.
The present invention stores the key data of a key application in a security domain of the eUICC, which effectively improves the security of that key data when multiple eSIM cards coexist.
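The security domain model of step 212 and the S310 to S316 exchange of FIG. 3, as an added illustration that is not code from the patent application: a terminal allocates a security domain with a permanent unique ID, stores the key data, composes the occupation notification (security domain ID, eUICC ID, remaining space), and the MNO forwards it to the SM-SR only after both sides have authenticated each other, after which the SM-SR records it in its database. All class and function names, the sample eUICC identifier and key material, and the use of a pre-shared-key HMAC challenge-response to model the MNO/SM-SR mutual authentication are assumptions; the application only states that mutual authentication takes place and does not specify a mechanism.

```python
"""Model of the FIG. 3 information flow: terminal -> MNO -> SM-SR.

Added illustration, not code from the patent application. Names, the
pre-shared-key challenge-response used for MNO/SM-SR mutual authentication,
and all sample values are constructed assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class SecurityDomain:
    """One eUICC security domain: permanent unique ID, fixed capacity,
    holding the key data of a key application."""
    domain_id: str
    capacity: int
    key_data: Dict[str, bytes] = field(default_factory=dict)
    assigned_to: Optional[str] = None   # eSIM profile the domain is assigned to, if any

    def used(self) -> int:
        return sum(len(v) for v in self.key_data.values())

    def remaining(self) -> int:
        return self.capacity - self.used()

    def store(self, name: str, value: bytes) -> None:
        if self.used() + len(value) > self.capacity:
            raise MemoryError(f"security domain {self.domain_id} is full")
        self.key_data[name] = value


@dataclass
class EUICC:
    eid: str                                   # eUICC identifier (constructed sample)
    domains: Dict[str, SecurityDomain] = field(default_factory=dict)

    def allocate_domain(self, capacity: int) -> SecurityDomain:
        # A random 8-byte tag stands in for the permanent unique ID (assumption).
        sd = SecurityDomain("SD-" + secrets.token_hex(8), capacity)
        self.domains[sd.domain_id] = sd
        return sd


def build_occupation_notice(eid: str, sd: SecurityDomain) -> dict:
    """S310: the notification the terminal sends to the MNO."""
    return {"type": "APP_INSTALL_OCCUPY",
            "security_domain_id": sd.domain_id,
            "euicc_id": eid,
            "remaining_space": sd.remaining()}


class SMSR:
    """SM-SR holding one pre-shared key per MNO and a database (dict) of
    occupation records (S316)."""
    def __init__(self, mno_keys: Dict[str, bytes]):
        self.mno_keys = mno_keys
        self.db: Dict[str, dict] = {}

    def auth_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def authenticate_mno(self, mno_id: str, challenge: bytes, response: bytes) -> bool:
        key = self.mno_keys.get(mno_id)
        if key is None:
            return False
        expected = hmac.new(key, b"MNO|" + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def prove_to_mno(self, mno_id: str, mno_challenge: bytes) -> bytes:
        return hmac.new(self.mno_keys[mno_id], b"SMSR|" + mno_challenge, hashlib.sha256).digest()

    def record_occupation(self, notice: dict) -> None:
        self.db[notice["security_domain_id"]] = notice


class MNO:
    def __init__(self, mno_id: str, key: bytes):
        self.mno_id, self.key = mno_id, key

    def forward_notice(self, notice: dict, smsr: SMSR) -> bool:
        """S312 + S314: mutual authentication, then forward the notice.
        Returns False, and forwards nothing, if either side fails to authenticate."""
        # SM-SR verifies the MNO's declared identity
        c1 = smsr.auth_challenge()
        r1 = hmac.new(self.key, b"MNO|" + c1, hashlib.sha256).digest()
        if not smsr.authenticate_mno(self.mno_id, c1, r1):
            return False
        # MNO verifies that the SM-SR is the legitimate one
        c2 = secrets.token_bytes(16)
        expected = hmac.new(self.key, b"SMSR|" + c2, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, smsr.prove_to_mno(self.mno_id, c2)):
            return False
        smsr.record_occupation(notice)
        return True


def install_key_app(euicc: EUICC, key_data: Dict[str, bytes], mno: MNO, smsr: SMSR) -> dict:
    """Steps 212 to 214 end to end; returns the notice recorded at the SM-SR."""
    sd = euicc.allocate_domain(capacity=4096)
    for name, value in key_data.items():
        sd.store(name, value)
    notice = build_occupation_notice(euicc.eid, sd)
    if not mno.forward_notice(notice, smsr):
        raise RuntimeError("MNO/SM-SR mutual authentication failed; notice not recorded")
    return notice
```

The two-direction check in `forward_notice` is the point of S312: a notice is recorded only when the SM-SR has verified the MNO and the MNO has verified the SM-SR, so a party holding the wrong key can neither inject nor collect occupation records.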
When the key application is run, the key data stored in the eUICC needs to be read. In other embodiments, it is additionally determined whether the data input by the user matches the pre-stored data for authenticating the key application, and the key application is run only when the input data is determined to match the pre-stored data.
When a key application is uninstalled, a notification of application uninstallation from the security domain needs to be reported to the SM-SR so that the SM-SR can manage the eUICC; the specific process is shown in FIG. 4. Depending on requirements, the order of the steps in this flowchart may be changed and some steps may be omitted.
Step 410: receive authentication data input by the user.
In some embodiments, the application security management system 10 may receive fingerprint data or hand shape data that the user inputs by touching the display device 40, key-press force data that the user inputs by pressing the display device 40, and handwriting data that the user inputs by writing on the display device 40 or password data that the user types. In some embodiments, the mobile terminal 1 further includes a voice device, and the application security management system 10 may receive voice data input by the user through the voice device. In some embodiments, the mobile terminal 1 further includes an image capture device, and the application security management system 10 may receive face data, iris data, retina data, auricle data, and the like input by the user through the image capture device.
Step 412: determine whether the authentication data input by the user matches the pre-stored authentication data of the key application.
When the application security management system 10 determines that the authentication data input by the user matches the pre-stored authentication data of the key application, step 414 is performed. When the application security management system 10 determines that the authentication data input by the user does not match the pre-stored authentication data of the key application, step 413 is performed.
Step 413: exit the uninstallation of the key application.
In some embodiments, step 413 may further include the application security management system 10 displaying a prompt on the display device 40 that user authentication failed, or outputting a voice message through the voice device that the uninstallation failed.
Step 414: release the occupation of the key data in the security domain.
In this embodiment, the application security management system 10 deletes the key data in the security domain to release the occupation of the key data in the security domain.
Step 416: report a notification of application uninstallation from the security domain to the SM-SR.
In this embodiment, the application security management system 10 reports the notification of application uninstallation from the security domain to the SM-SR over the network.
The specific process by which the application security management system 10 reports the notification of application uninstallation from the security domain to the SM-SR is the same as the process by which it reports the occupation notification of the security domain to the Subscription Manager Secure Routing, and is not repeated here.
Step 418: complete the uninstallation of the key application.
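The uninstall flow of FIG. 4 (steps 410 to 418), together with the pre-storing of authentication data described for the first embodiment, as an added illustration that is not code from the patent application: the pre-stored authentication data is kept as salted SHA-256 verifiers and compared in constant time, every pre-stored factor must be presented and match, and only then is the key data deleted from the security domain, the uninstallation reported to the SM-SR, and the uninstallation completed; on a mismatch the flow exits with a prompt and the key data stays in place. The hashed verifiers are an assumption (the application only says the input is matched against the stored data), the example treats each factor as an exact byte string, which fits password data but not fuzzy biometric matching, and the SM-SR report is modelled as a ledger record without the MNO/SM-SR exchange. All names and sample values are constructed.

```python
"""Model of the FIG. 4 uninstall flow (steps 410 to 418).

Added illustration, not code from the patent application. Salted-hash
verifiers, exact-match factors, and the ledger stand-in for the SM-SR report
are assumptions; names and sample values are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Verifier = Tuple[bytes, bytes]   # (salt, sha256(salt + factor value))


def make_verifier(factor_value: bytes, salt: Optional[bytes] = None) -> Verifier:
    """Pre-store step: keep a salted hash of the factor, never the raw value."""
    salt = salt or os.urandom(16)
    return salt, hashlib.sha256(salt + factor_value).digest()


def factor_matches(stored: Verifier, presented: bytes) -> bool:
    salt, digest = stored
    # Constant-time compare so a mismatch does not leak how many bytes matched.
    return hmac.compare_digest(digest, hashlib.sha256(salt + presented).digest())


@dataclass
class UninstallContext:
    app_name: str
    security_domain: Dict[str, bytes]        # key data held in the eUICC security domain
    stored_auth: Dict[str, Verifier]         # factor name -> pre-stored verifier
    smsr_notices: List[dict] = field(default_factory=list)
    prompts: List[str] = field(default_factory=list)
    installed: bool = True


def uninstall_key_app(ctx: UninstallContext, presented: Dict[str, bytes]) -> str:
    """Returns the step at which the flow ended: 'exit' (413) or 'done' (418)."""
    # Steps 410/412: every pre-stored factor must be presented and must match.
    # A missing factor counts as a mismatch; an empty pre-store never authorizes.
    # The list is built in full so all factors are checked, not short-circuited.
    results = [name in presented and factor_matches(stored, presented[name])
               for name, stored in ctx.stored_auth.items()]
    if not ctx.stored_auth or not all(results):
        # Step 413: exit and prompt; the key data stays in the security domain.
        ctx.prompts.append(f"authentication failed; {ctx.app_name} was not uninstalled")
        return "exit"
    # Step 414: release the occupation by deleting the key data.
    ctx.security_domain.clear()
    # Step 416: report the application uninstallation to the SM-SR (ledger stand-in).
    ctx.smsr_notices.append({"type": "APP_UNINSTALL", "app": ctx.app_name})
    # Step 418: complete the uninstallation.
    ctx.installed = False
    return "done"
```

The ordering matters for the security property the page describes: the key data is deleted only after the authentication decision, so a failed or missing factor leaves the security domain, the SM-SR record, and the installed state untouched.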
As shown in FIG. 5, the application security management system 10 includes a download module 500, a storage module 501, a reporting module 502, a receiving module 503, a determining module 504, an exit module 505, a release module 506, an uninstall module 507, and a prompt module 508. A module in the sense of the present invention is a series of computer program segments, stored in the storage device 20, that can be executed by the processing device 30 and can perform a fixed function. In this embodiment, the functions of the modules are described in detail in the following embodiments.
The download module 500 is configured to download a key application.
In some embodiments, the download module 500 may log in to an application store from the mobile terminal 1 to download the key application. A key application is an application that requires a high level of security protection; key applications include applications associated with a bank card, for example payment software and banking software.
The storage module 501 is configured to store the key data generated when the key application is registered in a security domain of the eUICC device 50.
The key data of the key application includes, but is not limited to, encryption and decryption keys, signature keys, and passwords.
The eUICC device 50 can download multiple eSIM cards, and different eSIM cards may use different mobile network operators. Each eSIM card stores information such as the user identity, user authentication parameters (encryption and decryption keys, etc.) and algorithms, the user's phone book and short message data, and the mobile network operator's customized parameters.
In this embodiment, the storage space of the eUICC device 50 contains multiple unallocated security domains, each of which may subsequently be allocated to an eSIM card. Each unallocated security domain in the eUICC device 50 has a permanent and unique identifier (ID). The security domain is used for the secure storage of security values (such as cryptographic keys and the key data of key applications). In different embodiments, a security domain may be preset in the storage space of the eUICC device 50; the preset security domain may be allocated to a newly downloaded eSIM card, or may be used only to store security values without being allocated to a newly downloaded eSIM card. In other embodiments, the security domain may also provide access to the security information through one or more standardized protocols known to those skilled in the art.
The reporting module 502 is configured to report an occupation notification of the security domain to the Subscription Manager Secure Routing.
In this embodiment, the reporting module 502 reports the occupation notification of the security domain to the Subscription Manager Secure Routing over the network.
The Subscription Manager Secure Routing (SM-SR) is mainly responsible for the secure routing and transmission of eUICC remote profile data. The specific process by which the application security management system 10 reports the occupation notification of the security domain to the SM-SR is shown in FIG. 3 and the corresponding description.
The storage module 501 is further configured to pre-store data for authenticating the key application.
In this embodiment, the storage module 501 receives one or more items of data for authenticating the key application that the user has set in advance, and stores that data. The data for authenticating the key application may be the user's biometric data, which includes fingerprint data, face data, hand shape data, iris data, retina data, pulse data, or auricle data. It may also be the user's behavioral feature data, which includes handwriting, voice, key-press force, and the like. It may also be password data; the password may be digits, letters, symbols, or a combination of digits, letters, and symbols. In other embodiments, the data for authenticating the key application may also be a combination of two or all of the user's biometric data, behavioral feature data, and password data.
The present invention stores the key data of a key application in a security domain of the eUICC, which effectively improves the security of that key data when multiple eSIM cards coexist.
When the key application is run, the key data stored in the eUICC needs to be read. In other embodiments, it is additionally determined whether the data input by the user matches the pre-stored data for authenticating the key application, and the key application is run only when the input data is determined to match the pre-stored data.
When a key application is uninstalled, a notification of application uninstallation and release of the security domain needs to be reported to the SM-SR so that the SM-SR can manage the eUICC.
The receiving module 503 receives authentication data entered by the user.
In this embodiment, the receiving module 503 can receive fingerprint data or hand-shape data entered by the user touching the display device 40, key-press force data entered by pressing the display device 40, and handwriting data entered by writing on the display device 40 or password data entered there. In some embodiments the mobile terminal 1 further includes a voice device, and the receiving module 503 can receive voice data entered by the user through it. In some embodiments the mobile terminal 1 further includes an image acquisition device, and the receiving module 503 can receive face, iris, retina and auricle data entered by the user through it.
The judging module 504 determines whether the authentication data entered by the user matches the pre-stored authentication data of the key application.
The exit module 505 aborts the uninstallation of the key application when the authentication data entered by the user does not match the pre-stored authentication data of the key application.
The release module 506 deletes the key data in the security domain, thereby releasing the space in the security domain occupied by that key data.
The reporting module 502 is further configured to report to the SM-SR a notification that the application has been uninstalled from the security domain.
In this embodiment, the reporting module 502 reports the application-uninstall notification for the security domain to the SM-SR over the network.
The uninstall module 507 completes the uninstallation of the key application when the authentication data entered by the user matches the pre-stored authentication data of the key application.
The prompt module 508 prompts the user on the display device 40 that authentication has failed, or outputs a voice message through the voice device that the uninstallation has failed.
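As an added example that is not part of the patent, the following Python models the gated uninstall flow of modules 503-508 on the host side, in the order the description gives it: authenticate the user, delete the key data from the security domain, notify the SM-SR, then complete the uninstall. The `SecurityDomain`, `SMSR` and `AuthStore` classes, the password-only matcher and the PBKDF2 parameters are this example's own assumptions; the patent does not say how the pre-stored authentication data is kept or compared, and biometric matching would need a template matcher in place of the password check.

```python
# Added example, not code from the patent: host-side model of the uninstall
# flow of modules 503-508 (authenticate, release key data from the security
# domain, notify the SM-SR, uninstall). SecurityDomain, SMSR and AuthStore are
# stand-ins for the eUICC security domain, the Subscription Manager Secure
# Routing server and the pre-stored authentication data. The password-only
# matcher and the PBKDF2 parameters are assumptions of this example.
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: iteration count for the password digest


class SecurityDomain:
    """Stand-in for the eUICC security domain that holds an app's key data.
    On real hardware store/release are GlobalPlatform commands to the card."""

    def __init__(self):
        self._key_data = {}  # app_id -> {"enc_key": bytes, "sig_key": bytes, ...}

    def store(self, app_id, key_data):
        self._key_data[app_id] = dict(key_data)

    def release(self, app_id):
        """Module 506: delete the app's key data. False if nothing was stored."""
        return self._key_data.pop(app_id, None) is not None

    def occupied(self, app_id):
        return app_id in self._key_data


class SMSR:
    """Stand-in for the SM-SR; records the notifications sent by module 502."""

    def __init__(self):
        self.events = []

    def notify(self, event, app_id):
        self.events.append((event, app_id))


class AuthStore:
    """Pre-stored authentication data, kept as salted PBKDF2 digests rather than
    the raw password so that a dump of the store does not yield the secret."""

    def __init__(self):
        self._records = {}  # app_id -> (salt, digest)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

    def enroll_password(self, app_id, password):
        salt = secrets.token_bytes(16)
        self._records[app_id] = (salt, self._digest(password, salt))

    def matches(self, app_id, password):
        """Module 504: constant-time comparison against the stored digest."""
        record = self._records.get(app_id)
        if record is None:
            return False  # nothing enrolled: fail closed, never fail open
        salt, digest = record
        return hmac.compare_digest(self._digest(password, salt), digest)


def install_key_app(app_id, key_data, domain, smsr):
    """Store the registration key data, then report the domain as occupied."""
    domain.store(app_id, key_data)
    smsr.notify("security-domain-occupied", app_id)


def uninstall_key_app(app_id, auth_input, auth_store, domain, smsr, prompts):
    """Modules 503-508. Returns "auth_failed" (uninstall aborted, key data kept)
    or "uninstalled"."""
    if not auth_store.matches(app_id, auth_input):                  # modules 503/504
        prompts.append(f"{app_id}: authentication failed, uninstall aborted")  # module 508
        return "auth_failed"                                        # module 505
    domain.release(app_id)                                          # module 506
    smsr.notify("application-uninstalled", app_id)                  # module 502
    return "uninstalled"                                            # module 507


def demo():
    """Constructed scenario: a bank-card app enrolled with a password, one
    wrong attempt, then the right one. Returns the observable outcomes."""
    domain, smsr, auth, prompts = SecurityDomain(), SMSR(), AuthStore(), []
    auth.enroll_password("bankcard-app", "correct horse battery staple")
    install_key_app("bankcard-app",
                    {"enc_key": secrets.token_bytes(16), "sig_key": secrets.token_bytes(32)},
                    domain, smsr)
    first = uninstall_key_app("bankcard-app", "wrong-pin", auth, domain, smsr, prompts)
    still_occupied = domain.occupied("bankcard-app")
    second = uninstall_key_app("bankcard-app", "correct horse battery staple",
                               auth, domain, smsr, prompts)
    return first, still_occupied, second, domain.occupied("bankcard-app"), smsr.events, prompts


if __name__ == "__main__":
    print(demo())
```

Two points the patent leaves open matter in practice. First, the pre-stored authentication data should not be the raw secret; the example stores a salted digest and compares it in constant time. Second, the check is only as strong as where that data lives and where the comparison runs: a store on the host can be altered by whoever controls the terminal, which argues for verifying inside the eUICC or another secure element. Note also that the key data is released before the uninstall completes, so an interrupted uninstall cannot leave the application removed while its keys still occupy the security domain.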
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into modules is only a division by logical function, and an actual implementation may divide them differently.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware combined with software function modules.
An integrated unit implemented in the form of a software function module may be stored in a computer-readable storage medium. The software function module is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods of the embodiments of the present invention.
It will be apparent to those skilled in the art that the present invention is not limited to the details of the exemplary embodiments above and can be embodied in other specific forms without departing from the spirit or essential characteristics of the invention. The embodiments are therefore to be regarded in all respects as illustrative and not restrictive, and the scope of the invention is defined by the appended claims rather than by the foregoing description; all changes that fall within the meaning and range of equivalents of the claims are therefore intended to be embraced by the invention. Any reference signs in the claims shall not be construed as limiting the claims concerned. The word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Several units or devices recited in the system claims may also be implemented by one unit or device in software or hardware. The words first, second and so on are used as names and do not denote any particular order.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solutions of the present invention may be modified or equivalently substituted without departing from the spirit and scope of those technical solutions.

Claims (12)

  1. An application security management method, applied in a mobile terminal, the mobile terminal comprising an eUICC device in which a security domain is provided, characterized in that the method comprises:
    downloading a key application; and
    storing, in the security domain, the key data generated when the key application is registered.
  2. The application security management method of claim 1, characterized in that the key application comprises an application associated with a bank card, and the key data comprises an encryption/decryption key, a signing key and a password.
  3. The application security management method of claim 1, characterized in that, after the key data is stored in the security domain, the method further comprises:
    reporting an occupancy notification for the security domain to the Subscription Manager Secure Routing (SM-SR).
  4. The application security management method of claim 1, characterized in that the method further comprises:
    pre-storing data for authenticating the key application.
  5. The application security management method of claim 4, characterized in that the method further comprises:
    uninstalling the key application, comprising:
    receiving authentication data entered by a user;
    when it is determined that the authentication data entered by the user matches the pre-stored data for authenticating the key application, releasing the key data occupying the security domain;
    reporting to the SM-SR a notification of the application uninstallation from the security domain; and
    completing the uninstallation of the key application.
  6. The application security management method of any one of claims 4 to 5, characterized in that the data for authenticating the key application comprises biometric data, behavioral characteristic data or password data of the user.
  7. An application security management system, applied in a mobile terminal, the mobile terminal comprising an eUICC device in which a security domain is provided, characterized in that the system comprises:
    a download module, configured to download a key application; and
    a storage module, configured to store, in the security domain, the key data generated when the key application is registered.
  8. The application security management system of claim 7, characterized in that the key application comprises an application associated with a bank card, and the key data comprises an encryption/decryption key, a signing key and a password.
  9. The application security management system of claim 7, characterized in that the system further comprises:
    a reporting module, configured to report an occupancy notification for the security domain to the SM-SR after the key data is stored in the security domain.
  10. The application security management system of claim 7, characterized in that the storage module is further configured to pre-store data for authenticating the key application.
  11. The application security management system of claim 10, characterized in that the system further comprises:
    a receiving module, configured to receive authentication data entered by a user;
    a judging module, configured to determine whether the authentication data entered by the user matches the pre-stored data for authenticating the key application;
    a release module, configured to release the key data occupying the security domain when the judging module determines that the authentication data entered by the user matches the pre-stored data for authenticating the key application;
    the reporting module, further configured to report to the SM-SR a notification of the application uninstallation from the security domain; and
    an uninstall module, configured to complete the uninstallation of the key application.
  12. The application security management system of any one of claims 10 to 11, characterized in that the data for authenticating the key application comprises biometric data, behavioral characteristic data or password data of the user.
PCT/CN2016/097464 2016-05-25 2016-08-31 Application program security management method and system WO2017201908A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610352945.9 2016-05-25
CN201610352945.9A CN105827653A (en) 2016-05-25 2016-05-25 Application security management method and system

Publications (1)

Publication Number Publication Date
WO2017201908A1 true WO2017201908A1 (en) 2017-11-30

Family

ID=56531221

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/097464 WO2017201908A1 (en) 2016-05-25 2016-08-31 Application program security management method and system

Country Status (2)

Country Link
CN (1) CN105827653A (en)
WO (1) WO2017201908A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105827653A (en) * 2016-05-25 2016-08-03 宇龙计算机通信科技(深圳)有限公司 Application security management method and system
CN106484796B (en) * 2016-09-22 2022-12-20 宇龙计算机通信科技(深圳)有限公司 File management method, file management device and mobile terminal
CN108966205B (en) * 2018-07-04 2021-08-27 高新兴物联科技有限公司 Method, equipment and computer readable storage medium compatible with multiple eSIM management specifications

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104469737A (en) * 2014-11-17 2015-03-25 中国联合网络通信集团有限公司 Embedded universal integrated circuit card and user subscription information activation method thereof
CN105282732A (en) * 2014-07-17 2016-01-27 三星电子株式会社 Method and device for updating profile management server
CN105488427A (en) * 2014-10-06 2016-04-13 意法半导体公司 Client accessible secure domains in a mobile device security module
CN105827653A (en) * 2016-05-25 2016-08-03 宇龙计算机通信科技(深圳)有限公司 Application security management method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2810360C (en) * 2012-06-27 2016-05-10 Rogers Communications Inc. System and method for remote provisioning of embedded universal integrated circuit cards
FR3002398B1 (en) * 2013-02-18 2015-04-03 Oberthur Technologies METHOD OF CREATING A PROFILE IN A SECURITY DOMAIN OF A SECURE ELEMENT

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102021002193A1 (en) 2021-04-26 2022-10-27 Giesecke+Devrient Mobile Security Gmbh Payment solution, especially digital payment solution
WO2022228726A1 (en) 2021-04-26 2022-11-03 Giesecke+Devrient Mobile Security Gmbh Payment solution, especially digital payment solution

Also Published As

Publication number Publication date
CN105827653A (en) 2016-08-03

Legal Events

Date Code Title Description
NENP Non-entry into the national phase (Ref country code: DE)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16902894; Country of ref document: EP; Kind code of ref document: A1)
122 Ep: pct application non-entry in european phase (Ref document number: 16902894; Country of ref document: EP; Kind code of ref document: A1)